There’s a new kind of developer in town. These developers have no training in software languages, and no computer science degree. But they are building apps in the enterprise to get their jobs done.
We know that enterprise tech has been growing consumerized for some time. The Bring Your Own Device (BYOD) market hit $266 billion this year, according to market research firm Markets and Markets. The research firm Gartner expects about 35 percent of IT expenditures will be managed outside traditional IT, within this shadow IT channel.
But the consumerization of IT isn’t stopping with BYOD and cloud services. New “low code” development platforms are making it easy for anyone to be a developer. These amateur, or low code citizen developers are using low code visual coding platforms to build new enterprise applications for use in their organization. All of this is part of the broad Shadow IT trend, which we have written about extensively.
This is also happening for the same reasons Shadow IT happened: workers and business managers find themselves unable to do their job as effectively as they need, and IT takes too long to deliver the apps and resources they need.
However, all isn’t rosy. IT needs to always ensure that all apps are created and used to policy, that regulated data isn’t being used out of an allowable scope for example, and that appropriate security controls – such as access to that data – are enforced.
So it’s important that IT look out for these apps, then catalogue and manage them. When they are not up to policy, enterprise developers and other teams can work to get them there.
Monitor for citizen development
Security teams need to know what is going on. Not so much to stop citizen developers, but to make certain that confidential and regulatory protected data isn’t handled improperly. It’s important to monitor web and network traffic to identify these apps.
Cultivate and provide manageable development platforms
Provide a way for citizen developers to develop within, on sanctioned platforms and systems. Look for low code and visual development tools and provide access to these platforms.
Provide development training
IT should provide access to declarative, low code development training. This will help citizen developers to develop the apps they need, properly. And it will improve the quality of the apps and build security and compliance awareness.
Review for policy and security compliance
As these apps are identified and vetted, any that do touch confidential or regulated information need to be catalogued and made part of the standard security and regulatory compliance review.
Consider an enterprise App store
Consider instituting an app store or app catalogue where citizen-developed apps can be accessed by anyone interested in using them. This will help to avoid duplicate efforts, help the enterprise get more value from these apps, and create a central place where apps can be tested and vetted.
There’s no “one thing” with regard to securing citizen developers and, much like BYOD, there’s no sense trying to ban citizen developers. After all, the business needs to cultivate creativity. You need to make sure it’s all done securely.